Hi Geoff,

If you read the full article, I have covered Acl Behavior as well. I
gave the user two options: one is to use the manual Acl way to handle
things, and another is to use Acl Behavior, because there are times when
you want to use the manual method to create Aros & Acos. However, most of
the time Acl Behavior comes in handy. Thanks for the comments though,

Ketan

On Jul 15, 7:10 pm, Geoff Ford <[EMAIL PROTECTED]> wrote:
> @Ketan
> The article is quite good, pretty easy to read if you understand the
> basic concepts of ACL.  However, I would recommend reading about the
> AclBehavior as it will reduce the logic in your controller. I am a fan
> of Chris Hartjes's Fat Model, Skinny Controller school of thought.
>
> @Dan
> CakePHP 1.2's AclBehavior is perfect for this sort of thing - I use it
> to create Groups/Roles and then authorize on that.
> Warning: Shameless self promotion ahead :)
> I am in the process of writing a series of articles on ACL and the
> built in AclBehavior and Auth component, as I figure them out.  You
> can read the first one on AclBehavior at
> http://lemoncake.wordpress.com/2007/07/15/using-aclbehavior-in-cakeph...
> It doesn't explain ACL concepts, just how to use the behavior.
>
> Geoff
> -- http://lemoncake.wordpress.com
>
> On Jul 16, 2:34 am, Ketan Patel <[EMAIL PROTECTED]> wrote:
>
> > On Jul 13, 3:17 pm, cakeFreak <[EMAIL PROTECTED]> wrote:
>
> > > Great Article!
>
> > > I was just wondering whether instead of building the aros for every
> > > single user, it is possible to build  the aros (and then acos) for
> > > user groups instead.
>
> > > You get the usergroup from the Auth->user session data, ACL checks if
> > > the group of that user is allowed a specific ACo and so on!
>
> > > If you, Ketan, could provide a bit of advice... it would be much
> > > appreciated!
>
> > > Dan
>
> > Hi Dan,
> > You could use the above method to do what you want. Say, for example, you
> > have a controller reports with various actions and you wish to give only
> > a users group access to it, and verify whether the user has access to that
> > reports controller or not.
>
> > 1. Create Aro for the UserGroup
> > 2. Create Aco for the Controller (if required, maybe for actions too)
> > 3. Grant permission
> > $this->Acl->allow('UserGroupAro', 'ControllerAco', 'permissions');
>
> > Then, all you have to do is
> > $this->Acl->check('UserGroupAro', 'ControllerAco', 'permission');
>
> > Such a method would be useful only when all users belonging to a
> > certain group have the same access level to the given 'Aco' (i.e. the
> > controller in this case). But in case you need finer control, say User
> > A and User B belong to UserGroup Z.  UserGroup Z is given access to
> > Notes Controller, which can read, create, delete and update notes in
> > the Note Model.
>
> > User A created a note which is private to User A and you do not want
> > User B to access it; then with the above method this would fail, as the
> > whole UserGroup Z is given CRUD access to the NotesController, so
> > essentially all the users belonging to UserGroup Z can CRUD each
> > other's records, which is not good, and this is when you have to use the
> > record level control as given in my article.
>
> > Hope this is what you wanted!!
> > Ketan ;-)
> > http://www.eClassifieds4U.com - Free Classifieds with Photos
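
The group-level versus record-level distinction discussed in the thread above, as an added example that is not part of the original messages and is not CakePHP's own code. It is a toy in-memory ACL in plain PHP (the `ToyAcl` class, the ARO/ACO names and the note id 42 are hypothetical) showing that a group grant on the controller lets User B through, while an additional per-record ACO check does not.

```php
<?php
// Toy in-memory ACL, NOT CakePHP's AclComponent: it only mirrors the
// allow()/check() call shape used in the thread. All names are hypothetical.
final class ToyAcl
{
    private array $grants = [];   // aro => aco => action => true
    private array $parents = [];  // child aro => parent aro (user => group)

    public function setParent(string $aro, string $parentAro): void
    {
        $this->parents[$aro] = $parentAro;
    }

    public function allow(string $aro, string $aco, string $action): void
    {
        $this->grants[$aro][$aco][$action] = true;
    }

    // Walk from the ARO up through its parents; any grant on the path allows.
    public function check(string $aro, string $aco, string $action): bool
    {
        for ($node = $aro; $node !== null; $node = $this->parents[$node] ?? null) {
            if (!empty($this->grants[$node][$aco][$action])) {
                return true;
            }
        }
        return false;
    }
}

$acl = new ToyAcl();
$acl->setParent('UserA', 'UserGroupZ');
$acl->setParent('UserB', 'UserGroupZ');

// Group-level grant: every member of UserGroupZ gets CRUD on the controller ACO.
foreach (['create', 'read', 'update', 'delete'] as $action) {
    $acl->allow('UserGroupZ', 'NotesController', $action);
}
// Record-level grant: UserA's private note (constructed id 42) is its own ACO,
// granted only to the user ARO that owns it, never to the group.
$acl->allow('UserA', 'Note:42', 'read');

// The controller-level check alone cannot tell the two users apart.
var_dump($acl->check('UserB', 'NotesController', 'read'));
// Requiring the record-level check as well keeps UserB out of note 42.
$canRead = fn(string $user): bool => $acl->check($user, 'NotesController', 'read')
    && $acl->check($user, 'Note:42', 'read');
var_dump($canRead('UserA'), $canRead('UserB'));
```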

